Dear Average Retailer: How Hard Can You Hack Your Own Site?

It’s scary out there, and almost nothing’s scarier than a data breach. Many major companies are responding by launching all-out assaults on their own data security systems, trying to find the holes and gaps themselves. Most of these efforts happen under the radar, but some of the stories would be amusing if the stakes weren’t so high. What is an average retailer to do?

Dear Average Retailer,

It’s scary out there, and almost nothing’s scarier than a data breach.

We all know the horror stories: Target, Home Depot, Neiman Marcus, TJX, Staples, CVS. These retailers’ reputations have been – and probably still are – at serious risk because of these hacks. In addition to immediate concerns about the security of their customers’ data, retailers have to be concerned about the lasting impact of a breach. Mounting evidence shows that shoppers, far from being desensitized to them, recall specific data breaches, which impacts their shopping behavior at those retailers.

As reported by Advertising Age recently, many major companies are responding by launching all-out assaults on their own data security systems, trying to find the holes and gaps themselves. Most of these efforts happen under the radar, but some of the stories would be amusing if the stakes weren’t so high. Consider one company that sent phishing emails to its own employees, then slapped the wrists of those who clicked on them – or even immediately locked them out of all corporate systems and made them do the walk of shame to the IT department to get re-instated.

Walmart, the largest US retailer, has thus far avoided a major data breach, perhaps the result of its forbidding-looking, razor-wire protected “data bunker,” which seems intended to scare off would-be hackers.

The question is: how well are you, average retailer, able to undertake these kinds of initiatives? How hard can you hack your own site, or other crucial systems? The average retailer probably has its hands full just keeping its site up and running and complying with basic security requirements, with no time (or extra resources) for exhaustive data security tests, much less bunker-building.

And yet, if a breach happens, isn’t the average retailer’s reputation even more susceptible to the ensuing, long-term brand damage?

What’s the average retailer to do?

The good news is the average retailer doesn’t have to choose between going it alone or reverting back to pulp catalogs, faxes and hand-written price tags. By choosing a cloud platform rather than traditional, on-premise software, a retailer can leverage a provider’s years of experience, billions of dollars of annual transaction volume and the master class lessons in security that come with it.

No one can protect against a data breach with 100% certainty. Anyone who promises they can isn’t operating in good faith. But the point is, the average retailer can take advantage of the same kind of world-class security procedures they might think only the biggest companies can afford. And still be able to have some fun with self-generated phishing emails, as well.